Dynamic taint analysis

Can someone tell me something about Dynamic taint analysis?

 

will this help?

http://valgrind.org/docs/newsome2005.pdf

sorry if it doesnt.

 

I can google too you know.

 

LUSHER,

As far as I can tell...

Dynamic - Refers to actions that take place at the moment they are needed rather than in advance. For example, many programs perform dynamic memory allocation, which means that they do not reserve memory ahead of time, but seize sections of memory when needed. In general, such programs require less memory, although they may run a little more slowly.

taint - is a term used to refer to the perineum (the region of the human body between the testicles or vagina and the anus). This term has no basis in medical terminology and is most often considered lewd and mildly obscene.

analysis - means literally to break a complex problem down into smaller, more manageable "independent" parts for the purposes of examination — with the hope that solving these smaller parts will lead to a solution of the more complex problem as well.

I'm confident you were just being inquisitive. Perhaps a re-word is in order? The taint reference is the one that is uncommon and funny or may even be offensive to some. Not offensive to me because I found it humorous.

 

I found it funny also, I hope that someone was not just pulling your leg. I know I laughed a little reading the title, as I didn't think that an analysis of the "taint" belonged in a security forum .
Now if this is actually has something to do with computer security I hope someone will enlighten us all.

EDIT:
I actually found a fairly easy to read paper from the ComSci Dept. at SUNY Stonybrook:
http://seclab.cs.sunysb.edu/seclab/pubs/papers/usenix_sec06.pdf

I feel a little silly now.

 

whatever dude.. back to discussing whether that 1% difference in avcomparitives is worth making a switch...

 

that's a bit harsh.

 

If this was directed at me, I have no idea what you are talking about.

 

That seems to be the perfect companion to behavioral detection (in an AV lab, at least): whereas "norman's like sandboxes" monitor the execution of "tainted executables", this kind of sandbox monitors the flow of tainted data inside legit execuables. I'm impressed by the perfs they obtain: according to the authors, the slowdown for apache is only 1.5 to 40. If you consider the time needed to translate the code to and from ucode, the instrumentation and the memory overhead, that's surprisinglyly good. Another application they do not mention explicitely is the use of TaintCheck on the client side (browser, etc.), in security-critical environments.

Does somebody know if Valgrind is able to handle correctly self modifying code ?

 

Mostly...goto Valgrind.org